Apple may be under the gun to repair an iPhone security hole announced on Monday by security group Independent Security Evaluators.
The group discovered a hole through which an iPhone that accesses a malicious web site could be manipulated into sending personal data from the handset. It has promised to show how the hack was performed at the Black Hat 2007 security conference in Las Vegas next week.
According to Macworld UK, Apple is under pressure to release a first software patch for the handset. Historically, patching mobile phones has been a task assigned to wireless carriers. Unfortunately, it also seems to have proven a heavy task for carriers to take on, as they have sometimes been slow to patch software even in cases where prominent bugs are known.
“Right now other smart phones are full of vulnerabilities and they are not getting patched,” said Robert Graham, CEO of Errata Security. “This is actually a good test to see if Apple can do this better than the mobile carriers.”
Rumors have also surfaced that Graham’s business partner, David Maynor, who became infamous in 2006 for discussing details of problems with Apple’s wireless cards, could be readying a “zero-day” iPhone attack. In an e-mail interview, Maynor hinted that this may happen: “We are trying to get something ready but there are no guarantees it will be stage-worthy in time,” he said. “After last year… we make sure that it’s painfully obvious or we don’t do it.”
Stay tuned for additional details as they become available.
And if you have thoughts on the iPhone or what you’d like to see in the first software update for the device, let us know in the forums.
Category: iPhone
-
Apple May be Under Deadline to Fix iPhone Security Hole
-
iPhone Unlocking Effort Reports Progress, Web Server Functionality

The guys over at the osx86.hu hackintosh blog have reported that their efforts to run various open-source applications from the iPhone are proving successful.
According to Electronista, the group has built and run several programs for the device, including a functional Apache web server for hosting sites. Other tools such as the Python programming language, the vim text editor and assorted utilities have been compiled into binaries and run on the device.
In addition to sorting out how to create an ad-hoc network from AT&T’s EDGE network that other computers can use to surf the Internet, the group claims it has learned more about how the handset handles and locks out non-AT&T wireless services and SIM cards. Attempts to route around this code set off a function that identifies the effort as “odd behavior” and closes down unlocking techniques.
Though considered a potential barrier, the find helps identify what mechanisms an iPhone uses. Last week, the same group announced they had been able to bypass iTunes activation and created a program called iActivator, which can purportedly bypass iTunes via a convenient interface.
If you have any thoughts or ideas on this, let us know over in the forums.
-
Chinese iPhone Ripoff
CECT, one of the most prolific rip-off artists in China (the world?), has released another Apple iPhone clone.
Apparently, the CECT P168 wasn’t enough for the clone factory; they had to have another go at the iconic Apple iPhone. The CECT 599 rocks a slightly smaller 3.2 inch 240×400 touchscreen display, but loses the navigation hard keys in favor of a more iPhone-esque minimalistic style.
For about $150 USD, you get Bluetooth, a 1.3 megapixel camera, stereo speakers, and the ability to play video files (but only as big as 176×144 pixels) – all in a 90 gram body.
Six more pictures after the jump…
CECT rips off the Apple iPhone, again – CECT 599
-
Fake Chinese iPod?
A reader sent in this photo of a supposedly Chinese iPhone, but KennMSr calls it a…FAKE!
That picture has to be a photochopped image because the iPhone is on display at an Apple store (notice the black security tether).
Unless Apple made the U.S. iPhones language agnostic (like all Macs) – but there has been no mention of this feature.
Besides, if that was the case then the carrier logo still would probably be AT&T not ChinaMobile – even though they’re the world’s largest cell carrier with 296M subscribers. Anyone want to translate the screen for us?
Keep in mind, like the crashed iPhone picture, it’s really easy to add a photo to iPhone (via iPhoto or Aperture) and display it in full screen mode.
Contributed by: KennMSr
-
Going back to the Crack?
I’ve been a Crackberry addict for about eight years, back when they only did email. My 7250 died this week (In the eight years, I’ve had three blackberries), so I took it as a sign that God really is an Apple user and I needed to take a hint. I had a Blackberry 7250 with Verizon EVDO and got an iPhone 8GB to replace it.
While AT&T’s coverage isn’t as good for me, that’s clearly a “your mileage will vary” point and not my focus.
Please understand my perspective: I’m a road warrior powergeek type that uses this stuff for his job, not fun. I’m looking at this as someone who has to travel/fly every other week to places with no Wifi.
0) Wireless tether
On the Blackberry, I could tether via Parallels, and share my network to my Mac. I can’t even dial out using the iPhone. Believe it or not, it’s still possible to end up in places that don’t have Wifi or Ethernet. Yeah it’s slower, but it’s better than nothing. If you don’t understand the “why” on this, you’re lucky.
1) Find
I already posted this, but where’s Spotlight? On my Blackberry, I can find a message, contact, etc.
2) Check mail
Blackberry does a good job of pushing data to you when you get an email. It’s one of those things you get spoiled with. iPhone won’t let me check faster than every 15 minutes unless I manually check. I guess they’re compensating for the slower network, but not giving me a choice irks me. I don’t want to switch to IM for this, cause the business world is still email, I just want more periodic checking options.
3) Auto-spellcheck UI
This is the dumbest thing I’ve seen on the iPhone. I use a lot of TLA’s and abbreviations in my emails. And I’m looking at the keyboard to type, not the screen (Blackberry was a different story, but I had haptic feedback). So when I hit the space bar, don’t AUTO-correct what you think I meant. I have to re-read the whole email to make sure that it didn’t decide to change SAN with sans just because I hit the space bar to continue to the next word.
4) Mark All As Read
I get a ton of SPAM. And I have no interest in going through them all to mark them as read individually (20+ every time I check mail). But if I leave it be, iPhone lists my new messages at 100 in no time. Just give me a mark all as read button, and even if I can’t get the junk filter, it will at least clear the new email alert.
If Apple told me, you’ll have these things when the next OS comes out, I’d be totally cool. But with the policy of not talking about new features, even the obvious ones, I have a hard time seeing the justification in hanging on to a product to hope that it catches up to the competition. I understand not talking about the double secret probation super cool feature sets, but I have a hard time understanding why they can’t say, yeah, our bad, you’ll have find soon. No comment, makes no sense.
Outside of those initial reactions, I really like the iPhone. But those five things are each small walls in converting over, and might be large enough to force me to go back to crack, despite how happy I was to get off it.
Contributed by: ecuguru